https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Mark+Thomas
OWASP - User contributions [en]
2026-06-01T15:17:51Z
User contributions
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session029&diff=104323
Summit 2011 Working Sessions/Session029
2011-02-07T23:25:24Z
<p>Mark Thomas: Mark Thomas / Apache Tomcat</p>
<hr />
<div>{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude><br />
|-<br />
<br />
| summit_session_attendee_name1 = Chris Schmidt<br />
| summit_session_attendee_email1 = chris.schmidt@owasp.org<br />
| summit_session_attendee_username1 = <br />
| summit_session_attendee_company1=Aspect Security<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br />
<br />
| summit_session_attendee_name2 = Achim Hoffmann<br />
| summit_session_attendee_email2 = achim@owasp.org<br />
| summit_session_attendee_username2 = Achim<br />
| summit_session_attendee_company2= sic[!]sec<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=capabilities of WAFs to protect against CSRF<br />
<br />
| summit_session_attendee_name3 = Ryan Barnett<br />
| summit_session_attendee_email3 = Ryan.Barnett@owasp.org<br />
| summit_session_attendee_username3 = <br />
| summit_session_attendee_company3=Trustwave's SpiderLabs<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=discuss how WAFs (ModSecurity) can help mitigate CSRF. Also want to discuss/test new CSRFGuard v3 JS code<br />
<br />
| summit_session_attendee_name4 = Mark Thomas<br />
| summit_session_attendee_email4 = markt@apache.org<br />
| summit_session_attendee_username4 = <br />
| summit_session_attendee_company4= Apache Software Foundation<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=Looking for ideas to improve Apache Tomcat's built-in CSRF protection<br />
<br />
| summit_session_attendee_name5 = Vishal Garg<br />
| summit_session_attendee_email5 = vishalgrg@gmail.com<br />
| summit_session_attendee_username5 = <br />
| summit_session_attendee_company5= AppSecure Labs<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= WAFs vs. Frameworks to protect against CSRF<br />
<br />
| summit_session_attendee_name6 = <br />
| summit_session_attendee_email6 = <br />
| summit_session_attendee_username6 = <br />
| summit_session_attendee_company6=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br />
<br />
| summit_session_attendee_name7 = <br />
| summit_session_attendee_email7 = <br />
| summit_session_attendee_username7 = <br />
| summit_session_attendee_company7=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br />
<br />
| summit_session_attendee_name8 = <br />
| summit_session_attendee_email8 = <br />
| summit_session_attendee_username8 = <br />
| summit_session_attendee_company8=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br />
<br />
| summit_session_attendee_name9 = <br />
| summit_session_attendee_email9 = <br />
| summit_session_attendee_username9 = <br />
| summit_session_attendee_company9=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br />
<br />
| summit_session_attendee_name10 = <br />
| summit_session_attendee_email10 = <br />
| summit_session_attendee_username10 = <br />
| summit_session_attendee_company10=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br />
<br />
| summit_session_attendee_name11 = <br />
| summit_session_attendee_email11 = <br />
| summit_session_attendee_username11 = <br />
| summit_session_attendee_company11=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br />
<br />
| summit_session_attendee_name12 = <br />
| summit_session_attendee_email12 = <br />
| summit_session_attendee_username12 = <br />
| summit_session_attendee_company12=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br />
<br />
| summit_session_attendee_name13 = <br />
| summit_session_attendee_email13 = <br />
| summit_session_attendee_username13 = <br />
| summit_session_attendee_company13=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br />
<br />
| summit_session_attendee_name14 = <br />
| summit_session_attendee_email14 = <br />
| summit_session_attendee_username14 = <br />
| summit_session_attendee_company14=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br />
<br />
| summit_session_attendee_name15 = <br />
| summit_session_attendee_email15 = <br />
| summit_session_attendee_username15 = <br />
| summit_session_attendee_company15=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br />
<br />
| summit_session_attendee_name16 = <br />
| summit_session_attendee_email16 = <br />
| summit_session_attendee_username16 = <br />
| summit_session_attendee_company16=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br />
<br />
| summit_session_attendee_name17 = <br />
| summit_session_attendee_email17 = <br />
| summit_session_attendee_username17 = <br />
| summit_session_attendee_company17=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br />
<br />
| summit_session_attendee_name18 = <br />
| summit_session_attendee_email18 = <br />
| summit_session_attendee_username18 = <br />
| summit_session_attendee_company18=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br />
<br />
| summit_session_attendee_name19 = <br />
| summit_session_attendee_email19 = <br />
| summit_session_attendee_username19 = <br />
| summit_session_attendee_company19=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br />
<br />
| summit_session_attendee_name20 = <br />
| summit_session_attendee_email20 = <br />
| summit_session_attendee_username20 = <br />
| summit_session_attendee_company20=<br />
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br />
<br />
|-<br />
| summit_track_logo = [[Image:T._secure_coding.jpg]]<br />
| summit_ws_logo = [[Image:WS._secure_coding.jpg]]<br />
| summit_session_name = Protecting Against CSRF<br />
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029<br />
| mailing_list =<br />
|-<br />
<br />
| short_working_session_description = Examining different ways to build CSRF protection into web applications and web frameworks.<br />
<br />
|-<br />
<br />
| related_project_name1 = ESAPI Java CSRF protection in DefaultHTTPUtilities.java<br />
| related_project_url_1 = https://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java<br />
<br />
| related_project_name2 = CSRFGuard<br />
| related_project_url_2 = http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project<br />
<br />
| related_project_name3 = Preventing CSRF with mod_security<br />
| related_project_url_3 = http://knol.google.com/k/preventing-cross-site-request-forgeries-csrf-using-modsecurity#<br />
<br />
| related_project_name4 = Prevent CSRF with ModSecurity v2 (Request Validation Tokens via Content Injection)<br />
| related_project_url_4 = http://blog.spiderlabs.com/2011/01/detecting-malice-with-modsecurity-csrf-attacks.html<br />
<br />
| related_project_name5 = <br />
| related_project_url_5 = <br />
<br />
|-<br />
<br />
| summit_session_objective_name1= <br />
<br />
| summit_session_objective_name2 = <br />
<br />
| summit_session_objective_name3 = <br />
<br />
| summit_session_objective_name4 = <br />
<br />
| summit_session_objective_name5 = <br />
<br />
|-<br />
<br />
| working_session_date_and_time = <br />
<br />
|-<br />
<br />
| discussion_model = participants and attendees<br />
<br />
|-<br />
<br />
| operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br />
<br />
|-<br />
<br />
| working_session_additional_details = <br />
<br />
|-<br />
<br />
|summit_session_deliverable_name1 = A practical guideline for protecting against CSRF in the real world.<br />
<br />
|summit_session_deliverable_name2 = A concise, clear standard for determining whether an application is vulnerable to CSRF.<br />
<br />
|summit_session_deliverable_name3 = <br />
<br />
|summit_session_deliverable_name4 = <br />
<br />
|summit_session_deliverable_name5 = <br />
<br />
|summit_session_deliverable_name6 = <br />
<br />
|summit_session_deliverable_name7 = <br />
<br />
|summit_session_deliverable_name8 = <br />
<br />
|-<br />
<br />
| summit_session_leader_name1 = <br />
| summit_session_leader_email1 = <br />
<br />
| summit_session_leader_name2 = <br />
| summit_session_leader_email2 = <br />
| summit_session_leader_username2 = <br />
<br />
| summit_session_leader_name3 = <br />
| summit_session_leader_email3 = <br />
| summit_session_leader_username3 = <br />
<br />
|-<br />
<br />
| operational_leader_name1 =<br />
| operational_leader_email1 =<br />
| operational_leader_username1 = <br />
<br />
|-<br />
<br />
| meeting_notes = <br />
<br />
|-<br />
| session_name_mask = <!--Please replace DO NOT EDIT this string --> Session029<br />
| session_home_page = <!--Please replace DO NOT EDIT this string --> Summit_2011_Working_Sessions/Session029<br />
}}</div>
Mark Thomas